My Fortiswitches connect Fortigate with fortilink and I add my fortigate to FortiNAC when I plug new pc to fortswitch port it set to register vlan but when i login with active directory user it not maping to role based vlan
Nominating a forum post submits a request to create a new Knowledge Article based on the forum post topic. Please ensure your nomination includes a solution within the reply.
Is the host successfully registered in FNAC and which method is used to register the host? Is the 'Registered To' field showing the user in Hosts details?
If you want to use Roles, it need to be configured to match with an LDAP group and than match that in a network access policy.
I configured it but dont work yet. I configure wireless radius authentication it works user based access but LAN LDAP role based access didnt work
Are you using RADIUS authentication also for wired hosts, how are the host registered? Does the host have the 'Registered To' field completed and is the host moved to the Group?
I dont use RADIUS authentication for wired connection I use RADIUS auth for only wireless connection. I use wired connection LDAP authentication
I see the l2 pool failed error on fortiswitch bu fortigate fw l2 poll succed, can it affect this?
When the FSW is managed from the FGT, FNAC will query only the FGT (L2/L3 polling), there is no need to enable L2 polling directly in the switch. More details are shown in the Integration guide.
In case of RADIUS authentication for wired users, FSW will act as the NAS but this is not the case for your setup.
Hello @isgandar
As Emirjon asked above:
Is the host successfully registered in FNAC and which method is used to register the host? Is the 'Registered To' field showing the user in Hosts details? --> If the host is not associated with a "Registered To" user, then the group cannot be matched and the role cannot be assigned.
Sx11 suggestion would also be a solution.
Follow the steps in this article: https://community.fortinet.com/t5/FortiNAC-F/Technical-Tip-Assign-Roles-based-on-User-LDAP-Directory...
BR
I would suggest to you to assing roles based on the Directory attributes of the user in LDAP instead of Directory group membership.
Follow the steps in this article: https://community.fortinet.com/t5/FortiNAC-F/Technical-Tip-Assign-Roles-based-on-User-LDAP-Directory...
Select Forum Responses to become Knowledge Articles!
Select the “Nominate to Knowledge Base” button to recommend a forum post to become a knowledge article.
User | Count |
---|---|
1696 | |
1091 | |
752 | |
446 | |
228 |
The Fortinet Security Fabric brings together the concepts of convergence and consolidation to provide comprehensive cybersecurity protection for all users, devices, and applications and across all network edges.
Copyright 2024 Fortinet, Inc. All Rights Reserved.